Module security

HTTP Security Headers.

Specifications

• W3C Timing-Allow-Origin header

Example

use http_types::{StatusCode, Response};

let mut res = Response::new(StatusCode::Ok);
http_types::security::default(&mut res);

Structs

ContentSecurityPolicy

Build a Content-Security-Policy header.

ReportTo

Define report-to directive value

ReportToEndpoint

Define endpoints for report-to directive value

TimingAllowOrigin

Specify origins that are allowed to see values via the Resource Timing API.

Enums

FrameOptions

Set the frameguard level.

ReferrerOptions

Set the Referrer-Policy level

Source

Define source value

Functions

default

Apply a set of default protections.

dns_prefetch_control

Disable browsers’ DNS prefetching by setting the X-DNS-Prefetch-Control header.

frameguard

Mitigates clickjacking attacks by setting the X-Frame-Options header.

hsts

Sets the Strict-Transport-Security header to keep your users on HTTPS.

nosniff

Prevent browsers from trying to guess (“sniff”) the MIME type, which can have security implications.

powered_by

Removes the X-Powered-By header to make it slightly harder for attackers to see what potentially-vulnerable technology powers your site.

referrer_policy

Mitigates referrer leakage by controlling the referer[sic] header in links away from pages

xss_filter

Sets the X-XSS-Protection header to prevent reflected XSS attacks.